MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215
SHA3-384 hash:	9e9cd34ecb39e01d447ce8088a0435af1416e14831adaebed315999e4c422cb6f7f6c2df7a9ce80b0a200f149f92cf4f
SHA1 hash:	8a34d380fc2df5a1cc6c531c9c4674f2b990a892
MD5 hash:	51464cc94ced2fe5710865355f3febab
humanhash:	undress-shade-fanta-tango
File name:	SecuriteInfo.com.Trojan.PackedNET.577.16714.7114
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	999'424 bytes
First seen:	2021-03-15 18:56:03 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	24576:pHU2cOFNf1hItpGqwQPdspYBKuZ4D0Szd8q:BU2cAR1YGq/P6Y47Kq
Threatray	426 similar samples on MalwareBazaar
TLSH	3925CF1035DAD45EF0737EF249EEE5A095BEBEAB6205C40D3642670B46A37026C9373E
Reporter	SecuriteInfoCom
Tags:	SnakeKeylogger

Intelligence

File Origin

# of uploads :

1

# of downloads :

174

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Trojan.PackedNET.577.16714.7114

Verdict:

No threats detected

Analysis date:

2021-03-15 19:32:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/fcd94166-4c05-4ad5-bd42-f5209311c5e9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.577.16714.7114.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8f007675-8aa6-4d87-83c4-ba9f0e6b1bff

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/639977

Signature

.NET source code contains very large strings

Found malware configuration

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AntiVM3

Yara detected Beds Obfuscator

Yara detected Snake Keylogger

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215/

Threat name:

ByteCode-MSIL.Spyware.Noon

Status:

Malicious

First seen:

2021-03-15 09:33:25 UTC

AV detection:

15 of 28 (53.57%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kaiioobw4mknqylki3krkzg76jvc2nophgqa62mbpa6ptregwikq._file

Verdict:

suspicious

Similar samples:

081bf032ec84c1504a1ec0d43302699c3de788ea5172dcd94a5fcdbb427ffb21

12e33982a58e0107429e3903cb2ec0cd7ea24afe0dafdad5d4a57f1b2f7104ae

2479009a6045f8bc659508f1d4e4d47c997f388008a5d755f52fc6369713df0d

268f6ad0fa829df8641b4ca939eb591da6659e4824f998669c96fdf21284598e

3ed517e03182938065c9a5d0c3e97bfc763d36e6b34b9d41472e08549a9a3108

42bc1181234539298bb24048458ee5e99328127408b491d94688c8e012d0b64c

66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0

723fc2a02ff16459dad6943d5f8de485253aec7d7fcc0f43cc095edef3876200

cbda0cb5e73c569728dbc6898745de0e6d024bc2e7f7d3dfebf19caecda5d912

f5ce9b9e842592913ed4e6e1dafe695eae938aa52d4e232ac5be3e52387db7c6

+ 416 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210315-t2t8pzy88e/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215

MD5 hash:

51464cc94ced2fe5710865355f3febab

SHA1 hash:

8a34d380fc2df5a1cc6c531c9c4674f2b990a892

Link:

https://www.unpac.me/results/2ea7dbaf-fe45-468a-8306-18fba63313eb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample